Pemodelan Ancaman Sistem Keamanan E-Health menggunakan Metode STRIDE dan DREAD

Abstract

The Hospital Management Information System (SIMRS) functions as a medium for hospital information and hospital management. There are patient medical record data, which is the result of interactions between doctors and sufferer. Medical records are sensitive data so that the security of the hospital management information system needs to be improved to convince users or patients that the data stored on SIMRS is safe at attackers. There are several ways to improve system security, one of which is by threat modeling. Threat modeling aims to identify vulnerabilities and threats that exist in SIMRS. In this paper, threat modeling will use the STRIDE-model. The recognition with the STRIDE-model will then be analyzed and sorted according to the modeling with the STRIDE method. After the analysis is complete, it will be calculated and given a rating based on the DREAD method's assessment. The STRIDE method's results show that there are several threats identified, such as there is one threat on the user side, the webserver is five threats, and the database is three threats. The level of the threat varies from the lowest-level (LowL) to the highest-level (HiL). Based on the threat level, it can be a guide and sequence in improving and improving the security system at SIMRS, starting from the LowL to the HiL.